[Samba] LDAP PDC problems

Edoardo Causarano edoardocausarano at tin.it
Thu Sep 12 15:51:57 GMT 2002

Christopher Odenbach wrote:

>>You suggest disabling acls on the profiles? I'll experiment ASAP but
>>I'm curious to know how that might help.
>>Anyhow I don't think the linux fs has acls for those dirs, just plain
>>UGO permissions. Also, domain admins profiles are in the same dir but
>>for them all is fine. I suspect the users are in the wrong group, but
>>I'm always open to discussion.
>See docs/README.Win2kSP2
Ok, but the profiles reside on the Samba PDC and we have NT4sp6a (could
any M$ hotfix be @ fault?).
Also, the clients don't complain about not being able to access the
share but some applications simply barf mysteriously. Anyway, I
understand that the sid my NT4 sprinkles around the profile is the
PDCsid/uid which is now != because of the uid shift I made to clear the
< 1024 special uids that NT4 expects to find. Could this mismatch be the
cause of all evils? Well, the README suggestion seems applicable also to
my case.

I'll inform the list as soon as I apply the change and if positive I
think this should go in a 'migration to LDAP' howto. BTW, ldapsam
requires those special groups to explicitly appear in the directory.
This is clear in the smbldap-tools but not in the SWAT accessible howto.
Explicit notice of this and of the current quirk I'm experiencing should
be noted in such an entry (IMHO).


